From owner-freebsd-questions@FreeBSD.ORG Sun Jan 4 16:44:11 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A592F16A4CE for ; Sun, 4 Jan 2004 16:44:11 -0800 (PST) Received: from www6.web2010.com (www6.web2010.com [216.157.5.254]) by mx1.FreeBSD.org (Postfix) with ESMTP id F0A0F43D2F for ; Sun, 4 Jan 2004 16:44:09 -0800 (PST) (envelope-from MLandman@face2interface.com) Received: from delliver.face2interface.com (dialup-wash-129-203.thebiz.net [64.30.129.203] (may be forged)) by www6.web2010.com (8.12.10/8.9.0) with ESMTP id i050hLcN022961; Sun, 4 Jan 2004 19:43:22 -0500 (EST) Message-Id: <6.0.0.22.0.20040104193550.034d8ae0@pop.face2interface.com> X-Sender: face@pop.face2interface.com X-Mailer: QUALCOMM Windows Eudora Version 6.0.0.22 Date: Sun, 04 Jan 2004 19:44:05 -0500 To: freebsd-questions@freebsd.org From: Marty Landman Cc: freebsd-questions@freebsd.org In-Reply-To: <44hdzbtf99.fsf@be-well.ilk.org> References: <6.0.0.22.0.20040104142759.1111d578@pop.face2interface.com> <20040104230340.93160.qmail@web14524.mail.yahoo.com> <6.0.0.22.0.20040104182413.02d37b50@pop.face2interface.com> <44hdzbtf99.fsf@be-well.ilk.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Subject: Re: starting daemons at server start X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 Jan 2004 00:44:11 -0000 At 07:23 PM 1/4/2004, Lowell Gilbert wrote: >I'm not an expert at Apache, exactly, but I can tell that you need to be >more specific about the changes you're making, and why, before anybody can >help you find a way to avoid doing that. As I understand it, Apache provides a module called suexec to allow cgi's to run as the user that owns the directory. Without suexec cgi's run as the httpd owner which is typically a 'nobody' user with highly restricted permissions. So to allow e.g. mypgm.cgi default permission to write to a file in /mnt/web/guide/guido (user Guido's root) with a chmod of 644 Apache must be recompiled with suexec enabled. I failed at my attempt to do this and didn't want to keep plugging away so have just chmod'd my (local intranet) root directories to 777. It's a lousy kluge but it does permit me to keep working. >A lot of workarounds tend to be just as much of a security concern as >suexec is itself. Not sure security's an issue on my intranet, but inevitably working improperly will lead to improper results and security issues on the production server. Marty Landman Face 2 Interface Inc 845-679-9387 Sign On Required: Web membership software for your site Make a Website: http://face2interface.com/Home/Demo.shtml